| 多约束的基于角色的访问控制扩展模型 |
| |
| 引用本文: | 汪杰,孙玲芳.多约束的基于角色的访问控制扩展模型[J].信息技术,2011(3):110-113. |
| |
| 作者姓名: | 汪杰 孙玲芳 |
| |
| 作者单位: | 1. 江苏科技大学计算机科学与工程学院,镇江,212003
2. 江苏科技大学人事处,镇江,212003 |
| |
| 摘 要: | 基于角色的访问控制模型是访问控制中一个被广为接受的模型,但作为静态的被动控制模型,权限没有时间约束,在动态授权约束上存在局限性。引入任务的概念并阐述相关约束,提出多约束的基于角色的访问控制扩展模型,模型中通过任务或任务实例将角色和权限联系在一起,使得权限管理更为灵活,减轻了管理员的负担,满足动态职责分离原则、最小权限原则和限制权限继承原则等。
|
| 关 键 词: | 访问控制 约束 动态授权 RBAC |
Extended RBAC model with multi-constraints |
| |
| WANG Jie,SUN Ling-fang.Extended RBAC model with multi-constraints[J].Information Technology,2011(3):110-113. |
| |
| Authors: | WANG Jie SUN Ling-fang |
| |
| Affiliation: | 1.School of Computer Science and Engineering,Jiangsu University of Science and Technology,Zhenjiang 212003,China;2.Personnel Department,Jiangsu University of Science and Technology,Zhenjiang 212003,China) |
| |
| Abstract: | The role-based access control model is widely accepted as the model of access control.However,the RBAC model is a static passive access control model,permissions without time constraint,it exists a lot of limits when it describes the dynamic authorization constraint.This paper proposed extended role based access control model with multi-constraints.The basic idea of this model is roles and permissions are put together by tasks or task instances.The unit of task becomes the permission granularity.It is more convenient for privilege management and can reduce the administrator’s burden and avoid some potential safety hazards because of adopted dynamic authorization,the model meets principle of least privilege,principle of separation duty and principle of restricted permission inheritance,etc. |
| |
| Keywords: | RBAC |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
